InfoSec Season 5 Budget Proposal

Program Name: BanklessDAO Information Security Team
Program Champion: BogDrakonov#1337
Start Date: August 8th, 2022
End Date: October 30th, 2022
Multisig Wallet Address: 0x35201Cb23590bF72457F2E4Ee36D1BfeA3E7aa41
Meeting Discussions: InfoSec Meetings are held Wednesdays at 7pm EST

Program Justification

BanklessDAO members and crypto users as a whole have suffered many personal security breaches of their wallets, accounts, and other resources. After a serious round of Discord Nitro phishing campaigns and a constant raid of spam bots, and scammers in Season 3, and random continued attacks throughout Season 4, the DAO’s need for an InfoSec team remains high in Season 5. We’ve seen a few long standing members also get hit with sophisticated phishing attacks targeting BANK holders.

InfoSec continues to manage GitHub, Google Workspace, and AWS as we continue to leverage some of these Web2 vendors for the benefit of the DAO.

We plan on continuing to fine tune our anti-spam/scam measures as well as improve our educational materials in Season 5. In Season 5 we plan to host live training and workshops to teach everything from Crypto Wallet Security 101 to advanced personal OpSec to avoid falling for scams.

The success of the InfoSec team will be measurable by a few key points:

  • BanklessDAO members, contributors, and guests gain an overall better understanding of how to stay safe online, and how to remain safe when transacting on EVM-based networks.
  • BanklessDAO remains secure against data breaches, attacks, vandalism, and theft/fraud.
  • Educational programs and content around information security, resulting in peer to peer education amongst Discord members, and the wider Bankless community
  • Timely support and operations of Web2 vendors under the InfoSec Team’s purview.

Program Terms

The BanklessDAO InfoSec team is cross-functional in nature, as information security is everyone’s responsibility. In order to remain transparent, the InfoSec team acts as an independent “project” and is not tied to any guild. We will collaborate heavily with every guild and project to provide security advice and operations wherever they may be needed. Some core cross-collab operations include:

  • Gatekeeping access and evaluating Principle of Least Privilege across the DAO.
  • Monitoring and alerting on critical systems where an intrusion would publicly harm the DAO (ie: defaced websites, DEGEN infrastructure takeover, email spam from @bankless.community addresses, etc…)
  • Securing the bankless.community DNS service with logged and gated access via Route53
  • Help with improvements to onboarding new DAO members, and the DAO-curious to proper personal operational security (OpSec) around protecting your accounts and assets. (ie: First quest security tasks, easy to follow guides and educational material, newsletter and Medium content)
  • Collaborate with various projects during their design to help keep a “Security First” mindset without getting in the way of work
  • Collaborate with the Writers Guild and EPA to develop and publish content both in bDAO’s Weekly Rollup and on its Medium page. At least initially, there would be a regular InfoSec or OpSec column to provide a forum to educate DAO members on best practices in the Weekly rollup.

Infrastructure Costs

BanklessDAO InfoSec Team Costs

Team Compensation

BanklessDAO’s InfoSec Team is seeking the same compensation as in Season 4 despite our increasing activity:

  • InfoSec Team Coordinator - BogDrakonov#1337 - 120k BANK
    • Facilitate weekly discussions and meetings
    • Manage team direction and coordination
    • Manage project priorities and triage incoming help requests
    • Work on project missions
    • Office hours where I am active in voice chat at my desk for 1:1 sessions, receiving reports, educating users, or just general InfoSec discussions with whoever joins.
  • Google Workspace/GitHub Management - 150k BANK
    • Taking on GitHub ownership from DevOps as they are winding down administration of services in Season 5. Dev Guild will still have an active presence in GitHub but InfoSec now oversees security and authentication
    • On-board our first Google Workspace users now that we have a platform.
    • Two InfoSec team members will oversee GitHub Organization and Google Workspace management and split the work/payment evenly
  • InfoSec Educational Program - 40k BANK
    • Create and maintain an educational InfoSec program for BanklessDAO
      • This will include working alongside the Newsletter Team to deliver bite-sized security-related content in the Weekly Rollup on a weekly basis
      • Live training and workshops for practical skills such as Personal OpSec and wallet security
      • InfoSec RSS feed for CISA alerts and similar
    • Documentation for best practices on wallet security, 2FA, and other security hardening topics
      • Likely through our InfoSec Discord channels, instead of a website as proposed in S3, due to higher visibility by the DAO
    • 10k BANK to be spend as part of educational InfoSec raffles that include quizzes or other knowledge tests
  • Discord Moderation Bot Project - 70k
    • Maintaining and tuning Wick as edge cases pop up
    • Learning Wick inside and out
    • Planning bot management as a service for Bankless Consulting
  • POAP Manager - 10k BANK
    • InfoSec POAPs design & release
    • Work with Infosec Education program to design some neat POAP raffles for InfoSec to drive engagement
      • Unique POAPs or NFTs for InfoSec quizzes

Total: 390k BANK

Returning Season 4 Veterans

  • BogDrakonov#1337 - InfoSec Team Lead/Coordinator
  • Dysan#6547 - Google Workspace/GitHub Management
  • d0wnlore#1050 - InfoSec Education Coordinator

Season 5 Recruits

  • roseja#7457 - DevOps/InfoSec Trainee

Former Members

  • Texas Farmer#2662 - InfoSec Educator
  • stackthat.eth#5136 - Terraform expert aiding the InfoSec team
  • Sidthescriptkid21#1806 - InfoSec explorer attending meetings and looking for work

Do we fund the InfoSec Team for Season 5

  • Yes
  • No

0 voters

2 Likes